* Dieter Kluenter <dieter@dkluenter.de>:
> Gildas Bayard <gildas.bayard@hds.utc.fr> writes:
>
> > Hello,
> >
> > I'm setting up a new ldap server on ubuntu server 8.04.3 LTS.
> > man slapd.conf encourages me into using SASL auth for rootdn instead
> > of setting the rootpw parameter in slapd.conf.
> >
> > So I created a user in sasldb with saslpasswd2. sasldblistusers2 gives me
> > admin@coruscant: userPassword which is what is expected.
> > But then I see that the password there is in plain text so I don't
> > really get the advantage of using SASL then. So I decide to use
> > saslauthd instead (which in turn will use pam by default).
>
> Why do you want to use saslauthd and sasldb to authenticate rootdn
> against slapd? And why do you complain about plaintext passwords in
> sasldb? How else could you respond to a challenge based on a shared
> secret?
>
> > My problem is that I could not find how to tell openldap to use
> > saslauthd instead of sasldb.
> [...]
>
> Because in most cases a ldap server maintains its own user database
> and password storage. Basics on how to implement SASL you can find in
> the Admin Guide
> http://www.openldap.org/doc/admin24/sasl.htm

I pretty much gave Gildas the same answer on the Cyrus SASL mailing list ...
p@rick
--
state of mind
Digitale Kommunikation
http://www.state-of-mind.de
Franziskanerstraße 15 Telefon +49 89 3090 4664
81669 München Telefax +49 89 3090 4666
Amtsgericht München Partnerschaftsregister PR 563
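
Added example, not part of the original thread: a minimal sketch of the point made above about shared-secret challenges, using CRAM-MD5 (RFC 2195) as the challenge-response mechanism. It shows that a server can only check the response if its store holds the secret itself, while a store of one-way hashes only works when the client sends the password. All function names, the salted SHA-256 scheme, the password, salt and challenge are constructed for illustration.

```python
import hashlib
import hmac


def cram_md5_digest(password: bytes, challenge: bytes) -> str:
    """Client side: HMAC-MD5 of the server challenge, keyed with the password."""
    return hmac.new(password, challenge, hashlib.md5).hexdigest()


def verify_with_shared_secret(stored_password: bytes, challenge: bytes, digest: str) -> bool:
    """Server whose store holds the secret itself: it recomputes the same HMAC."""
    expected = hmac.new(stored_password, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def salted_hash(password: bytes, salt: bytes) -> bytes:
    """One-way verifier (assumed scheme for this example: salted SHA-256)."""
    return hashlib.sha256(salt + password).digest()


def verify_with_hash_only(stored_hash: bytes, challenge: bytes, digest: str) -> bool:
    """Server that only has a one-way hash: keying the HMAC with the hash
    cannot reproduce what the client computed from the password."""
    expected = hmac.new(stored_hash, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def verify_plain(stored_hash: bytes, salt: bytes, sent_password: bytes) -> bool:
    """PLAIN-style check: the client sends the password and the server
    re-hashes it, so a hashed store is sufficient."""
    return hmac.compare_digest(salted_hash(sent_password, salt), stored_hash)


def demo() -> dict:
    password = b"constructed-example-secret"            # constructed sample value
    salt = b"constructed-salt"                          # constructed sample value
    challenge = b"<1896.697170952@example.invalid>"     # constructed challenge
    digest = cram_md5_digest(password, challenge)
    stored_hash = salted_hash(password, salt)
    return {
        "challenge_response_with_secret": verify_with_shared_secret(password, challenge, digest),
        "challenge_response_with_hash_only": verify_with_hash_only(stored_hash, challenge, digest),
        "plain_with_hash_only": verify_plain(stored_hash, salt, password),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {ok}")
```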